heartbeat -- buffer overflow

ID DSA-174
Type debian
Reporter Debian
Modified 2002-10-14T00:00:00


Nathan Wallwork discovered a buffer overflow in heartbeat, a subsystem for High-Availability Linux. A remote attacker could send a specially crafted UDP packet that overflows a buffer, causing heartbeat to execute arbitrary code as root.

This problem has been fixed in version for the current stable distribution (woody) and version for the unstable distribution (sid). The old stable distribution (potato) doesn't contain a heartbeat package.

We recommend that you upgrade your heartbeat package immediately if you run Internet-connected servers that are heartbeat-monitored.